These source files uses symbols provided by sys/stat.h, e.g. struct stat,
S_IFREG, S_IFBLK, and so on. Let's explicitly include sys/stat.h where
necessary.
Glibc's fcntl.h includes bits/stat.h, which provides these symbols, so
these symbols can be used without explicitly including sys/stat.h. But,
based on the discussion in #37922, we should explicitly include relevant
headers, and should not rely on the indirect inclusion.
basic/include: replace _Static_assert() with static_assert()
If one of the header is included in a C++ source file, then using
_Static_assert() triggers compile error for some reasons.
Let's use static_assert(), which can be used by both C and C++ code.
Yu Watanabe [Wed, 25 Jun 2025 16:03:26 +0000 (01:03 +0900)]
namespace-util,nsresource: explicitly include sched.h
These source files uses symbols provided by sched.h, e.g.
setns(), unshare(), CLONE_NEWNS, and friends, but they do not explicitly
include sched.h. Currently, it is included indirectly via missing_syscall.h,
which is included by e.g. pidfd-util.h.
Let's explicitly include headers that provides symbols used in the code.
tree-wide: several cleanups for reading/writing /proc/sys/fs/nr_open
- use unsigned for the return value of read_nr_open(), as it does not
fail, and the kernel internally uses unsigned for the value,
- when bumping the value by PID1, let's start from the kernel's maximum
value defined in fs/file.c. The maximum value should be mostly an API
of the kernel, but may changed in a future, hence still try several
times if we fail to bump the value.
Co-authored-by: Jared Baur <jaredbaur@fastmail.com> Co-authored-by: John Rinehart <johnrichardrinehart@gmail.com>
meson: do not reference variable unless feature that defines it is enabled
SYSTEMD_LANGUAGE_FALLBACK_MAP is used by the localed test, and
language_fallback_map is defined by the localed meson.
If the feature is disabled, the test is not built so the env var
is not needed, and the meson variable is not defined so the build
fails.
Enable nspawn job, as there's no nested kvm so VMs are too slow. Fix
some tests that fail in a VM anyway, might add a nightly job later that
runs them.
chase() is arguably a hot path in our code, hence it deserves
some caching whether open_tree() is available. Moreover,
the manual set of r to -EPERM feels kinda ugly. Let's
instead extract this bit into its own function.
seccomp-util: allowlist open_tree() as part of @file-system
Now that we make use of open_tree() in places we previously used
openat() with O_PATH, it makes sense to move it from @mount to
@file-system. Without the OPEN_TREE_CLONE flag open_tree() is after all
unprivileged.
Note that open_tree_attr() I left in @mount, since it's purpose is
really to set mount options when cloning, and that's clearly a mount
related thing, not so much something you could use unpriv.
This addresses an issue tracked down by Antonio Feijoo: since the commit
that started to use open_tree() various apps started to crash because
they used seccomp filters and sd-device started to use open_tree()
internally.
* cc380fbc8a Install new files for upstream build
* 45f81ec53e Install new files for upstream build
* 105837d0ba Update changelog for 257.7-1 release
* bb17074bfd systemd-boot: reduce harmless noise on cleanup
* 363898fe05 systemd-boot: remove fb too on removal
For initrd presets, we can change the default to disable services
by default instead of enabling by default without breaking compat
so let's do that as it makes much more sense as a default than
enabling everything by default.
New workers we got from IBM can be used now. The GHA linter doesn't
recognize them yet, so add a local workaround until the change is
merged in the linter.
ssh-generator: generate /etc/issue.d/ with VSOCK ssh info data (#37819)
ssh-generator: generate /etc/issue.d/ with VSOCK ssh info data
I find myself trying to log into a fresh ParticleOS VM started via
systemd-vmspawn all the time, but I don't know its CID. Let's show it on
the getty screen, to make it immediately visible.
ukify: when decompressing kernel before signing, call verify on decompressed file
Otherwise it will fail as it's an archive, not a PE file:
Invalid DOS header magic
Can't open image /boot/vmlinuz.old
/boot/vmlinuz.old is compressed and cannot be loaded by UEFI, decompressing
+ sbverify --list /boot/vmlinuz.old
=========================== short test summary info ============================
FAILED ../src/ukify/test/test_ukify.py::test_efi_signing_sbsign[3650] - subprocess.CalledProcessError: Command '['sbverify', '--list', PosixPath('/boot/vmlinuz.old')]' returned non-zero exit status 1.
FAILED ../src/ukify/test/test_ukify.py::test_efi_signing_sbsign[None] - subprocess.CalledProcessError: Command '['sbverify', '--list', PosixPath('/boot/vmlinuz.old')]' returned non-zero exit status 1.
FAILED ../src/ukify/test/test_ukify.py::test_inspect - subprocess.CalledProcessError: Command '['sbverify', '--list', PosixPath('/boot/vmlinuz.old')]' returned non-zero exit status 1.
pcrlock: process components outside of location window properly
So far, when we tried to match a component to eent log entries we
skipped those components if they were outside of our location window.
That however is too aggressive, since it means any components that are
already in the logs, but outside of the location window will be
considered unrecognized in the logs, and thus removed from the PCR
policy.
Change things around: always try to match up all components, regardless
if inside the location window or outside, but then make it non-fatal we
can't find a component outside of the location window.
As it turns out open() with O_PATH does *not* trigger autofs, you get a
reference to the autofs inode, if not triggered.
But there's a way out: open_tree() (when specified without
OPEN_TREE_CLONE) is actually fully equivalent to open() with O_PATH –
with the exception of one thing: it *does* trigger automounts.
Thanks for Christian Brauner for pointing me to this and saving my day.
openssl-util: allow to build with openssl without UI support (#38041)
This makes it possible to build systemd with
-Dc_args='-DOPENSSL_NO_UI_CONSOLE=1'. Hopefully, now systemd can be
built with other openssl implementations, like BoringSSL, which deos not
support UIs.
Those are user-controlled strings, so let's use heap allocations in the usual
fashion. (Though, with strndupa_safe, the allocations were bounded anyway, so
ultimately this doesn't matter.)
The zsh completions only complete one type argument, even though multiple
args are allowed. But the same issue occurs with other completions, e.g.
for options. I don't know how to solve this.
Those lists were partially wrong and partially outdated. We should generate
this document automatically, but let's revisit this topic after the conversion
to sphinx. For now, as a stop-gap solution, I generated the lists from
the new 'systemd-analyze transient-settings' command.
Related to https://github.com/systemd/systemd/pull/37641.
The name "transient settings" was used in docs/TRANSIENT-SETTINGS.md.
Using "setting" helps distinguish this from D-Bus "properties", which are
a much larger set, partially overlapping.
bus_append_unit_property() and associated functions accept a long list of
properties. But the specific names are only available through code. But it is
useful to be able to know the specific list of properties that is supported, in
particular for shell completions. Thus, add a way to list the properties that
are supported by the code.
In the future we could also turn this into a test for the documentation. For
various reasons, the list of properties listed in the docs is a partially
overlapping set. E.g. for service type, the pull request
https://github.com/systemd/systemd/pull/37661 creates a list with 212 entries,
and this code generates 7 entries less and 184 more. I didn't check all the
differences, but in the few cases I did, the list generated here was actually
correctly supported by 'systemd-run -p'.
test: drop ProtectHostnameEx, add one test for ProtectHostnameEx
This is a separate commit because the parent commit is supposed to be
backward compatible, i.e. the tests must pass with both the bogus ProtectHostnameEx
name and ProtectHostname.
A test is added for ProtectHostnameEx to verify that it is still accepted
for backward compat.
Accept ProtectHostname=… with the new extended syntax, keep accepting
ProtectHostnameEx=… for compat with release v257. Prefer sending ProtectHostname.
Currently, when running "systemctl preset-all --root=xxx" in mkosi
to enable/disable units for initrds, the system presets are used.
The problem with this approach is that the system presets are written
for the system, and that is not necessarily ideal for an initrd, but we
still want to use the same packages in the initrd that we install in the
system, so let's introduce a separate directory for initrd presets which
is used to pick up preset files from when we detect that we're configuring
an initrd (by looking for /etc/initrd-release).
We also introduce a systemd preset file for the initrd, which is based on
the system one, except with all the stuff unnecessary for the initrd removed.
projects / thirdparty / systemd.git / log
